Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume VII - Issue #45

October 18, 2005

Congratulations to Leonard Ong, GCFA, GSNA, GCIH, for winning the
Singapore Government's IT Specialist of the Year 2005. This prestigious
award recognizes the national "role model" for the person who best
exemplifies effective training and IT advancement, and has been picked
up in several newspapers and magazines. When advised of the news,
Stephen Northcutt, SANS CEO, said, "Leonard is one of the hardest
working members of the GIAC advisory board and one of the most well
rounded security professionals I have ever met. If anyone should be a
role model, it would be Leonard."

*************************************************************************
Security Training Update
Baltimore, Amsterdam, and San Diego are all hosting large SANS training conferences. Plus smaller programs in a dozen other cities. http://www.sans/org
*************************************************************************

TOP OF THE NEWS

Congress Agrees to Split Cyber Security From IA/IP (13 October 2005)

Congress has agreed to separate the Department of Homeland Security's cyber security division from information analysis and infrastructure protection (IA/IP). In addition, the cyber security division's director will be elevated to an assistant secretary position. The decision came as part of the fiscal 2006 spending measure. The DHS budget for next year includes $93 million for the cyber division's public and private sector exercises and outreach programs. In addition, $17 million is designated for the science and technology division for research and development into cyber attack detection and response devices.
-http://www.govexec.com/story_page.cfm?articleid=32555&printerfriendlyVers=1

DDoS Attacks Top ISPs' List of Security Threats (13 October 2005)

Results of Arbor Networks' Worldwide ISP Security Report indicate that 90 percent of ISPs find that "brute force" distributed denial-of-service (DDoS) attacks from bot networks are their single biggest hassle. Rapidly spreading worms and DNS poisoning attacks ranked second and third, respectively, on the list. Just 29 percent of the ISPs have automated services to counter and trace DDoS attacks; furthermore, most ISPs have become aware of DDoS attacks only when alerted by customers. Results were based on responses from 36 large ISPs in the US, Europe and Asia. -http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4570

THE REST OF THE WEEK'S NEWS

HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY

US House of Representatives Holds Joint Hearing on SCADA System Vulnerabilities (18 October 2005)

The Homeland Security Committee of the US House of Representatives is holding a joint hearing (of two Subcommittees) on vulnerabilities in SCADA systems this afternoon (October 18). SANS Director of Research, Alan Paller, has been invited to testify along with Andy Purdy from the Department of Homeland Security, representatives of Sandia and Idaho National Labs and Bill Rush of the Gas Technology Institute. The testimony will illuminate the significant threat to electric power and other critical industries that unprotected SCADA and other digital control systems pose.
-http://homeland.house.gov/release.cfm?id=420
SANS (Paller) Testimony:
-http://www.sans.org/info/901
GAO Report on the growing SCADA threat:
-http://www.gao.gov/new.items/d04354.pdf
[Editor's Note (Paller): Critical infrastructure asset owners and technology suppliers engaged in SCADA or DCS security should keep track of the SCADA Security Summit, being arranged by private asset owners and researchers and British and US government agency personnel. The goal is to find the technologies that actually work and develop consensus procurement language that will allow buyers of SCADA equipment to ensure their suppliers are delivering the most secure systems possible. Send an email to info@sans.org with the subject SCADA Summit (and your name and company and role in SCADA security) and we'll send you the early information about the Summit.]

Because law enforcement seems to give phishing a low priority, banks and companies that conduct business on the Internet are taking matters into their own hands. The organizations work with ISPs, web hosting services and regional Internet authorities to track down the servers the phishing email is coming from and work with contacts to shut the sites down. They have also been setting up phony accounts and working with banks and law enforcement organizations to track the stolen data and ultimately arrest the thieves.
-http://www.newsfactor.com/story.xhtml?story_id=38544
[Editor's Note (Schultz): I was not aware that law enforcement has not been very interested in phishing cases. One would think that phishing, something that exposes many individuals to the potential of identity theft, would get more of law enforcement's attention.
(Schneier): I've been saying that companies won't do much about phishing until they have a financial incentive to do so; perhaps a sufficient number of disgruntled customers constitutes an incentive.]

Three Indicted in Software and Music Piracy Scheme (13 October 2005)

Three California men have been indicted for their alleged roles in a music and software piracy scheme; the three were allegedly involved in illegally copying CDs. Charges in the indictments include conspiracy to commit criminal copyright infringement and traffic in counterfeit labels, criminal copyright infringement, trafficking in counterfeit labels, and aiding and abetting. The arrests and searches were part of the US Department of Justice's "Operation Remaster", which focused on the replicators in the chain of digital media piracy.
-http://www.computerworld.com/printthis/2005/0,4814,105374,00.html
-http://www.internetnews.com/bus-news/article.php/3556071

MISCELLANEOUS

UK bank Lloyds TSB is piloting a new security program for its Internet banking customers. A key-fob token will generate a new six-digit, one-time-use security code for about 30,000 customers each time they wish to conduct an Internet banking transaction. Lloyds had previously used a two-stage authentication system: a username and password followed by a drop-down menu with choices of letter combinations. The program is slated to last for six months; Lloyds will then assess its effectiveness and customer reaction before deciding whether or not to roll it out to its entire customer base.
-http://news.bbc.co.uk/2/hi/business/4340898.stm
-http://www.computerworld.com/printthis/2005/0,4814,105430,00.html
[Editor's Note (Paller): Do you know which banks have done the best job of implementing two-factor authentication? Early indications are that UBS and Rabobank are the leaders in Europe and that the banks in Hong Kong and Singapore are doing the best job of making two-factor authentication easy and inexpensive (using cell phones). If you have any data on which banks are doing it best please share it with us. It is time to give consumers the information they need to choose their banks on the basis of who is best at protecting their money.]

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/